This document has been reviewed as part of the transport area review team's ongoing effort to review key IETF documents. These comments were written primarily for the transport area directors, but are copied to the document's authors and WG to allow them to address any issues raised and also to the IETF discussion list for information.

When done at the time of IETF Last Call, the authors should consider this review as part of the last-call comments they receive. Please always CC tsv-art@ietf.org if you reply to or forward this review.

This document is Almost Ready.

This document describes a mechanism for reflecting the prefix of an IPv6 packet back to its source (or to whatever the destination sees as the source), leveraging the ICMPv6 Extended Echo mechanism. It is designed to avoid amplification attacks by requiring the request and response to be the same size.

My only comments regard the (presumably normative) requirement that "Middle boxes must not modify the Reflect All extension object. This ensures that the reflected information reaches the probing node exactly as sent by the probed node." Firstly, I assume this should be a "MUST NOT". Secondly: I assume this language was carefully chosen not to preclude wholesale filtering, but instead to either let the request and response through untouched, *or* filter them entirely. Was that the intent?

I imagine most network admins will not want to rely on endpoints, many of which they have minimal control over, to filter requests or scrub replies that could be used by adversaries to construct a model of their internal network topology, and will take the easy path of entirely filtering these requests at network boundaries.

You may wish to consider an update to RFC 4890 with guidance on how and when it is appropriate to filter such requests or responses.